Microblogging site Twitter has said it used phone numbers and email addresses of an unspecified number of users to set up two-factor authentication on their accounts to enable targeted advertising. The company in a disclosure said it is not aware of the exact number of users who were impacted. In a statement, the social media giant said that third-party marketers might have reached specific users on its platform based on email addresses and phone numbers, even if the users didn’t want their contact details to be used this way. The incident is latest in the list of security mishaps for the social-networking companies and could create trouble for Twitter as Facebook was penalized for USD 5 billion by Federal regulators earlier this year for a similar situation. Facebook was also prohibited from using the contact details obtained for setting up two-factor for ads.
Twitter is not talking about when exactly it discovered the issue but stressed that the issue was addressed as of September 17 i.e. 21 days ago. The company, which has its European headquarters in Dublin, said that two-factor authentication is a crucial security feature because this makes it nearly impossible for hackers to break into user accounts. The practice is very common across social networks and it allows advertisers to match their won database with users on the Microblogging site that use the same contact details. It is then used to reach users who are very likely already aware of the product or brand.
Terming its ad targeting as ‘an error’, Twitter has apologized for the development. Twitter has faced several security lapses in the past few months. Last year, it admitted to amassing passwords in plaintext and also revealed a phone number leak bug after hiding it for almost two years. In May last year, the company even confirmed a location data leak. The most significant security breach came in August when Twitter chief executive Jack Dorsey had his personal account hacked. This promoted the company to a feature that allowed its users to tweet by text.